Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warning: skip copying avb_custom_key image avb footer (avb_custom_key partition size: 0, avb_custom_key image size: 1032). #327

Closed
alexchiu100014 opened this issue Aug 7, 2024 · 9 comments
Closed

Warning: skip copying avb_custom_key image avb footer (avb_custom_key partition size: 0, avb_custom_key image size: 1032). #327

alexchiu100014 opened this issue Aug 7, 2024 · 9 comments
Assignees
@chenxiaolong

Comments

@alexchiu100014
Copy link

alexchiu100014 commented Aug 7, 2024
edited
Loading

Nothing Phone (2) here.

Warning: skip copying avb_custom_key image avb footer (avb_custom_key partition size: 0, avb_custom_key image size: 1032).

"Your device has loaded a different operating system" would appear while boot.
Is this meant not supported, or I need to flash other partition?
@pixincreate
Copy link

No. The message Your device has loaded a different operating system means that your device is working as expected.

@alexchiu100014
Copy link
Author

What I expected is "Bootloader Locked" in Key Attestation Demo and Pass "Strong" in Play Integrity Check.

But I didn't saw "Bootloader Locked" in Key Attestation Demo
And Play Integrity only pass "Basic"
Is this project meant or have the effect to pass these checks, or it just let me lock my bootloader with a modified or custom rom?

(Sorry, I really want to post screenshots, but my Telegram got force logout without any attention and pictures are gone.)

@pixincreate
Copy link

In Key Attestation Demo app, you should see signed with custom key.
With respect to play integrity, I really have no idea on that as the device that i daily drive do not have GMS installed and most of the app that i use work without GMS.
However, since you've locked the bootloader, you hardware attestation should pass (you can check that with GrapheneOS's Auditor app), and again, not sure about GMS's STRONG check.

@pascallj
Copy link
Contributor

pascallj commented Aug 7, 2024

In regards to Play Integrity. Basic is the correct verdict by default at the moment. Locking with a modified or custom rom is indeed the (only) goal. If you want to know more, you can search the (closed) issues for "play integrity".

@alexchiu100014
Copy link
Author

In Key Attestation Demo app, you should see signed with custom key. With respect to play integrity, I really have no idea on that as the device that i daily drive do not have GMS installed and most of the app that i use work without GMS. However, since you've locked the bootloader, you hardware attestation should pass (you can check that with GrapheneOS's Auditor app), and again, not sure about GMS's STRONG check.

d73b8b9b7abe4b2e947c504c03f30089

@alexchiu100014
Copy link
Author

After disabled "Attest device props" :
0a1b7cbadb174ec48cc1c07ee543a167

@pixincreate
Copy link

Root of trust set by user is expected, yes.

#327 (comment)

I'm not sure.

@chenxiaolong
Copy link
Owner

Yeah, avbroot won't help at all for passing Play Integrity. Hardware attestation will report that the OS is signed by your own key, which Google does not trust for STRONG integrity.

@chenxiaolong chenxiaolong self-assigned this Aug 17, 2024
@xabolcs
Copy link

xabolcs commented Aug 18, 2024

#299 can be updated with pong! 🙏

@chenxiaolong chenxiaolong mentioned this issue Aug 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chenxiaolong chenxiaolong

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@xabolcs @chenxiaolong @pascallj @alexchiu100014 @pixincreate